SecNotes

@MaTRiX13 Its there, but I can’t get it to execute. So that makes at least 3 of us in the same boat. Anyone with a tip?

ok so can I help? well maybe…
for initial shell keep going old school on , everything you need is there. think old school, what can you access, what can you do?
fot priv esc: well search the WHOLE system for interesting exes relating to weird thing you should notice!! then what you did before will help you in the future!!

@DataPush3r I got it now what a dummy I am.

For all people having problems to get a shell … back to basics and try a simple shell, this OS version usually have an AV running …

I’ve got to admit that was a fun path to system. Totally unexpected. I rushed things at the beginning and had a total face palm. But overall it was a really fun box!
Thanks 0xdf

I’m still working on the initial foothold, but I seem to be running into an issue where I get the response “Something went wrong”. I’ve figured out that it’s related to the length of my input. Is there a way around this or do I just have to figure out how to work with it?

Edit: Never mind. I was trying to go much farther into the DB than was necessary.

@DataPush3r said:
I’ve got to admit that was a fun path to system. Totally unexpected. I rushed things at the beginning and had a total face palm. But overall it was a really fun box!
Thanks 0xdf

Yeah I did the same, saw some stuff on the filesystem that I assumed was for that feature you use, but didn’t even think of how I could use that to my advantage until I ran out of options and figured I’d give it a look, then it was very simple. It was a really fun box.

Oh god. So I’ve tried many exploits. Read some credentials. Accessed a place to write to. I’ve accessed all users’ names and password hashes. But I have still not been able to read from the filesystem. “something went wrong” errors every time I try to read file system. I’m new and I start my OSCP training this saturday. I’m just doing hackthebox to get ready. Any education is much appreciated to access this box. I’m not doing this to test my skills just yet, I’m doing hackthebox to learn.

@starcraftfreak said:
Oh god. So I’ve tried many exploits. Read some credentials. Accessed a place to write to. I’ve accessed all users’ names and password hashes. But I have still not been able to read from the filesystem. “something went wrong” errors every time I try to read file system. I’m new and I start my OSCP training this saturday. I’m just doing hackthebox to get ready. Any education is much appreciated to access this box. I’m not doing this to test my skills just yet, I’m doing hackthebox to learn.

Look at my post a couple above yours. “Something went wrong” means you’re trying to go too deep and enumerate too much from the DB (there’s an input length limitation). Keep it simple. Dump what you can from the Secure Notes app and then use that information elsewhere.

Anyone willing to give small, non-spoiler hints for privilege escalation? I’m a bit of a noob when it comes to Windows and a little lost. Currently going through the filesystem looking for anything that might be useful. Not really noticing much. I DID notice the “odd” folder in the root directory, however.

hey any hints on this box struck after login …beginner my first box attempt

For privesc, I discovered something weird by accidentally listing everything…
n00bp0tat0

Rooted! Fun little box…

I’ve been struggling with privesc here… I was intrigued by u*****.exe and did some reading on WSL but can’t figure out how to make use of it as a non-privileged user. Am I in the right area or are my efforts better concentrated elsewhere?

ok… so logged in on the web page… pulled some notes…
connected to a different service where I can read and write files…
but then what :frowning: probably something basic…
if anyone can send me a small nudge… would be much appreciated.

@rewks said:
I’ve been struggling with privesc here… I was intrigued by u*****.exe and did some reading on WSL but can’t figure out how to make use of it as a non-privileged user. Am I in the right area or are my efforts better concentrated elsewhere?

Keep digging, there is a way to make it work. Maybe google what your trying to run, and it what OS. I found it fairly quickly

Edit: Fixed the problem and rooted it. It was an issue of using the wrong tool to spawn my connect-back shell. Windows 10 is flakey.

This file might just hint you , Look for other interessing files related to it :wink:

maybe this could help some people, when your using one shell and it not working for what ever reason, get a different shell with another tool. There are many options. netcat, ncat, powercat, nishang, etc… I had two different connect back shells going, when something didn’t work in one, I switched to another. My shells would also get hung from time to time while I was experimenting, so I just sent another over and kept going

Rooted. Very interesting box, learned heaps by doing it. Happy to provide hints through DM